Patelco Confirms Five-Hour DDoS Takedown

Last Thursday, the main member-facing Patelco website was down for around five hours, said Patelco CEO Ken Burns in an interview Tuesday.

“It appears to have been DDoS,” said Burns, referring to the technique of bringing a web host down by flooding it with meaningless information and pointless requests.

As for who launched the attack, the $3.8 billion Patelco (headquartered in Pleasanton, Calif.) was named on Tuesday in a long list of victimized financial institutions posted to the web by the Izz ad-Din al-Qassam Cyber Fighters, the group that has been behind the current wave of DDoS attacks.

Patelco is the second credit union named as a victim. Also last Thursday, the $1.5 billion University Federal Credit Union in Austin, Texas, suffered an outage that a spokesperson said lasted two and one half hours.

No other credit unions are known to have been targeted in the current round of attacks, which are widely believed to originate from Iran.

In the attack on Patelco, Burns stressed that there was no compromise of member data and that the essential impact was on members attempting to go through the home page to online banking: they found they could not or, in some cases, they could but the handoff took many minutes.

In the aftermath of the attack, Burns said he was happy with how the Patelco IT staff had quickly responded to the attack. But he added that Patelco had now entered into an agreement with a third-party vendor that specializes in DDoS mitigation to provide the institution and its members more security going forward.

In offering details of the attack, Burns said “it started around 10 a.m. PT.” Within a few hours Patelco’s IT staff had pinpointed the servers the attackers were exploiting and IT redirected much of the incoming traffic.

But as proof of the sophistication of the attack, the attackers quickly realized what Patelco IT had done and managed to track down where the traffic had been redirected. They aimed their data barrage there, again crippling Patelco’s servers.

The attacks then ended around 5 p.m. PT, said Burns, who added, “We have not seen other attacks since.”

Meanwhile, the Cyber Fighters have now announced a “suspension” of DDoS attacks on U.S. financial institutions. Exactly what this means and how long the suspension will last is not known. The group's website postings said it was suspending the attacks because YouTube had taken down the most heavily viewed version of a video the group said was insulting to Islam.

The posting said, "This is a clear indication of progress and establishment of logic instead of obstinacy. This positive move is a humanitarian effort and in line with paying respect to divine religions which has made billions of people love them; and it's a becoming and proper action. All of us — al-Qassam group, U.S. government, and even YouTube and Google's managers — carrying on such a wise action have contributed to this victory and progress.

"The al-Qassam cyber fighters lauds this positive measure of YouTube and on this basis suspends his operation and plans to give a time to Google and U.S. government to remove the other copies of film as well. During the suspension of Operation Ababil, no attack to U.S. banks would take place by al-Qassam cyber fighters."